Basic Auth + PAM
Basic Auth + PAM
2014/09/08
|
Limit accesses on specific web pages and use OS users for authentication with SSL connection.
| |
| [1] | |
| [2] | Download the latest mod-auth-external and pwauth from the site below. ⇒ https://code.google.com/p/mod-auth-external/ ⇒ https://code.google.com/p/pwauth/ For example, set Basic Auth under the [/var/www/html/auth-pam] directory. |
[root@www ~]#
yum -y install httpd-devel pam-devel gcc make
[root@www ~]#
[root@www ~]#
curl -L -O https://mod-auth-external.googlecode.com/files/mod_authnz_external-3.3.2.tar.gz
[root@www ~]#
curl -L -O https://pwauth.googlecode.com/files/pwauth-2.3.11.tar.gz
tar zxvf mod_authnz_external-3.3.2.tar.gz
[root@www ~]#
cd mod_authnz_external-3.3.2
[root@www mod_authnz_external-3.3.2]#
apxs -c mod_authnz_external.c
[root@www mod_authnz_external-3.3.2]#
apxs -i mod_authnz_external.la
[root@www mod_authnz_external-3.3.2]# [root@www ~]#
tar zxvf pwauth-2.3.11.tar.gz
[root@www ~]#
cd pwauth-2.3.11
[root@www pwauth-2.3.11]#
vi config.h
# line 126: comment out
/*
#define SHADOW_SUN
# line 134: uncomment
#define PAM
# line 282: change to the httpd's ID )
#define SERVER_UIDS
48
/* user "
apache
" on the author's system */
[root@www pwauth-2.3.11]#
vi Makefile
# line 10: comment out
#
LIB= -lcrypt
# line 14: uncomment
LIB=-lpam -ldl
make
[root@www pwauth-2.3.11]#
cp pwauth /usr/local/libexec/
[root@www pwauth-2.3.11]#
chmod 4755 /usr/local/libexec/pwauth
[root@www pwauth-2.3.11]#
[root@www ~]#
vi /etc/pam.d/pwauth
# create new
#%PAM-1.0 auth include system-auth account include system-auth session include system-auth
[root@www ~]#
vi /etc/httpd/conf.d/auth_pam.conf
# create new
LoadModule authnz_external_module modules/mod_authnz_external.so
AddExternalAuth pwauth /usr/local/libexec/pwauth
SetExternalAuthMethod pwauth pipe
<Directory /var/www/html/auth-pam>
SSLRequireSSL
AuthType Basic
AuthName "PAM Authentication"
AuthBasicProvider external
AuthExternal pwauth
require valid-user
</Directory>
# create a test page
[root@www ~]#
mkdir /var/www/html/auth-pam
[root@www ~]#
vi /var/www/html/auth-pam/index.html
<html> <body> <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;"> Test Page for PAM Auth </div> </body> </html>
systemctl restart httpd
|
| [3] | Access to the test page with a Web browser on Client and authenticate with a user which is on OS. |
 |
| [4] | Just accessed. |
 |
Comentários
Postar um comentário